A wide-area network (WAN) may be used to transfer encrypted data packets and data flows from one trusted enclave, or a segment of an internal network defined by common security policies, to a second trusted enclave. However, the WAN is susceptible to a variety of equipment failures and cyber-attacks that may impair the connectivity provided by it to mission applications running within the user enclaves and thereby adversely impacting mission effectiveness. Some examples include packet flooding denial-of service (DoS) attacks, subversion of routing or network management protocols by malicious code embedded within routers, accidental or malicious misconfiguration of routers or switches, and network device failures. Since the WAN may not be controlled by any of the trusted enclaves, operations must be performed within the enclaves using plain-text-side and overlay routing to affect paths on the cipher-text WAN. Some existing approaches use a fully distributed network optimization technique based on cooperative game theory. Such approaches seek to allocate network resources to competing data flows in a manner that maximizes the cumulative network performance. However, this may be inefficient for user datagram protocol (UDP) based applications, such as video streaming, and multicast data flows.